Sun
Java System Web Server Release Notes

These release notes contain important information about the Sun JavaTM System Web Server 7.0 Update 1 (Web Server) release. These
notes address new features and enhancements, installation notes, known problems,
and other late-breaking issues. Read this document before you begin using Web Server Update
1.

What's
New in This Release

Web Server 7.0 Update 1 is an update release to the major release of
Web Server 7.0.

In addition to the features and enhancements in Web Server 7.0 listed
later in these release notes, Web Server 7.0 Update 1 supports the Java Platform, Enterprise Edition (Java EE) 5.0 and Web 2.0 technologies.
The details of these features and enhancements are described in the sections
below.

Java Servlet technology provides web developers with a simple, consistent
mechanism for extending the functionality of a Web Server and for accessing
existing business systems. JSP technology provides a simplified and a fast
way to create dynamic web content. JSP technology enables rapid development
of web-based applications that are server and platform-independent.

Java SE 5.0 and 6 Support

Web Server supports the 32–bit version of the Java Platform,
Standard Edition (Java SETM) 5.0 and Java
Platform, Standard Edition (Java SE)
6. For the 64-bit version of Web Server, the 64–bit version of Java
Development Kit (JDKTM) software support is available.
The 64–bit version of Web Server is currently supported only on the
Solaris Operating System.

The following table lists the JDK versions supported on various platforms:

Table 1 Supported JDK Versions

Operating System

Supported Java SE Version

Whether Co-packaged With Web Server

64–bit Support (Yes/No)

Solaris SPARC

5.0_09

6

Yes

No

Yes

Solaris x86/AMD,AMD64

5.0_09

6

Yes

No

Yes

Linux

5.0_09

6

Yes

No

No

Windows

5.0_09

6

Yes

No

No

HP-UX

5.0_03

Yes

No

At the time of installation, you must specify a valid path for the JDK.
To use the JDK version that is not co-packaged with the product, download
the software from the following location:

Admin Console Support for Configuring Regular Expressions

Web Server provides support for writing regular expressions within the obj.conf file through the Admin Console. However, writing regular
expressions through the Admin Console is limited to the form of <If>..</If> conditions for URL redirects.

Redesigned Administration Server Interface

The Administration Server is a specially configured Web Server instance
on which the administration applications are deployed. An administration instance
runs on each node in the server farm. Of these nodes, one node is configured
to be the Administration Server and the rest are configured to be Administration
Nodes.

The web-based Administration Server is redesigned to make common tasks
easier to access and complex tasks easier to accomplish.

Sun N1 Service Provisioning System Support

Web Server is integrated with Sun N1TM Service
Provisioning Server 5.2. Sun N1 Service Provisioning System is an application
provisioning tool that eliminates the need for custom scripts. With the integration
of Web Server with Sun N1 Service Provisioning System, as an administrator,
you do not need to write custom scripts for installing multiple Web Servers
in a datacenter environment or in a server farm.

Consolidated Configuration Files

Configuration files in Web Server are rearranged and consolidated to
simplify administration.

In the earlier versions of Web Server, the configuration files in userdb were shared by all instances, while the information contained
in these files was often instance-specific. In Web Server 7.0, configuration
files from the userdb directory are removed. Their functionality
is incorporated into the server.xml file in the config directory. Configuration files from the alias and httpacl directories are moved into the config directory.
These changes consolidate instance-specific configuration information within
the instance-specific config directory.

Java Database Connectivity and Connection Pooling
Support

Web Server supports JDBC connection pooling, that is, a group of reusable
connections for a particular database. Because creating each new connection
is time consuming, the server maintains a pool of available connections to
increase performance. When an application requests a connection, it obtains
a connection from the pool. When an application closes a connection, the connection
is returned to the pool.

Integrated Java Web Services Developer Pack 2.0 Technologies

Web Server includes Java Web Services Developer Pack (Java WSDP) 2.0
and XML technologies. Web services developed by using Java WSDP can be deployed
on Web Server as a web application by using the wadm command.

Web Server 7.0 provides support for security features such as XML Encryption,
XML Digital Signature, and support for message security provider.

Lightweight Session Replication Support

Web Server supports cluster-based session replication and failover.
Session replication and failover provides high availability to web applications
by replicating HTTP sessions from one server instance to another in the same
server cluster. Because each HTTP session has a backup copy on a remote instance,
a server failure that renders one instance in the cluster unavailable does
not disturb session continuity.

URL Redirection and Rewriting with Regular Expressions

A restart Server Application Function (SAF)
for restarting requests with a new URI

Support for dynamic SAF parameters that include expressions,
variables, regular expression back references

<If>, <ElseIf>,
and <Else> tags for conditional processing

Support for complex conditions that use and, or, and notoperators

sed-request and sed-response filters
for rewriting request and response bodies

You can use these new features to define flexible URL rewriting and
redirection rules such as those possible with mod_rewrite from
the Apache HTTP server. Unlike mod_rewrite, regular expressions
and conditional processing in Web Server 7.0 can be used at any stage of request
processing, even with third-party plug-ins.

Support for migration of certificate from Tomcat or other
Java keystore file based repositories

Support for dynamically applied Certificate Revocation Lists
(CRLs)

Elliptic Curve Cryptography Support

Sun Java System Web Server has always supported RSA keys.
In addition to the continued support for RSA keys, Web
Server 7.0 introduces support for Elliptic Curve Cryptography (ECC).

ECC is the next generation of public-key cryptography for mobile or
wireless environments. ECC is based on a set of algorithms for key generation,
encryption, and decryption for performing asymmetric cryptography.

ECC operates on elliptic curves. You must pick a curve and
a key length. Curves are standardized and given names by various organizations
such as, NIST, ANSI, and SECG. Because these standards include the key length,
you only have to pick one of the predefined curve names. Web Server 7.0 supports
all the curves currently specified.

Localization Support

Web Server is available in the following languages:

French

German

Spanish

Japanese

Simplified Chinese

Traditional Chinese

Korean

Supported Platforms

Web Server can be installed on the Solaris, Linux, HP-UX and Windows
operating systems. The following table summarizes platform support. For more
information about installation requirements, see Required Patches in these release notes.

Note –

Web Server runs as a 32-bit application on Windows, Linux,
and HP-UX.

Intel Itanium Architecture is not supported.

Minimum required memory for installing Web Server on the specified
platforms is applicable when you are installing Web Server as a stand-alone
product. If you are installing Web Server as part of Java ES, the minimum
required memory might vary. For exact memory requirements, see the Sun Java
Enterprise System 5 Release Notes for UNIX.

System
Virtualization Support

System virtualization is a technology that enables multiple operating
system (OS) instances to execute independently on shared hardware. Functionally,
software deployed to an OS hosted in a virtualized environment is generally
unaware that the underlying platform has been virtualized. Sun performs testing
of its Sun Java System products on select system virtualization and OS combinations
to help validate that the Sun Java System products continue to function on
properly sized and configured virtualized environments as they do on non-virtualized
systems. For information about Sun support for Sun Java System products in
virtualized environments, see http://download.oracle.com/820–4651.

Required Patches

Update your operating system with the latest applicable patches. Required
patches are listed in the following sections.

On a 32–bit Solaris (SPARC) platform, install SUNWlibC and SUNWlibCx packages, in addition to the patches listed in the sections
below.

Web Server 7.0 installer determines if the required patches are installed
on your machine, without them the installation fails. The following patches are required for
successful installation and functioning of Web Server 7.0 on a supported platform.

Note –

If the patches available at http://sunsolve.sun.com are obsolete, download the most recent
version of these patches as they include the latest bug fixes and product
enhancements.

Note –

To know the Solaris Operation System version installed on your
machine, see the /etc/release file.

The /etc/release file contains Solaris Operation System version information in the
following format:

Solaris 10 Platform (SPARC and x86)

For the
64-bit version of Web Server, you must check if the SUNWlxml package is installed
on the server by running the command # pkginfo SUNWlxml which
produces the following output:

system SUNWlxml The XML library

This package is always installed with Solaris 10 standard installation,
even if you choose the lowest level of installation METACLUSTER=SUNWCmreq,
NAME=Minimal Core System Support.

If you do not want
this package, you can either, remove it by using the pkgrm command
or use a jumpstart image which lacks this package.

SPARC

119963-03 — Shared library patch for C++

x86

119964-03 — Shared library patch for C++

Incompatible Patches

Some incompatible patches can affect Web Server startup and cause the
server not to respond to requests. The following table lists such patches.
If you have an incompatible patch installed on your machine, upgrade the patch
to a recommended compatible patch.

Table 3 List of Incompatible Patches

Operating System

Incompatible Patch

Recommended Compatible Patch

Solaris 8 SPARC

109147-37 (linker patch)

109147-38 (linker patch)

109147-39 (linker patch)

109147–40
(linker patch)

Solaris 9 SPARC

112963-22 (linker patch)

112963-23 (linker patch)

112963-24 (linker patch)

112963-25
(linker patch)

Solaris 9 x86

113986-18 (linker patch)

113986-19 (linker patch)

113986-20 (linker patch)

113986-21 (linker patch)

HP-UX Patches

The requirements for installing Web Server on HP-UX platform are as follows:

Upgrade the JRE to make sure that Administration Server and Java Web
Applications are not impacted by this change. Download and use the appropriate
JRE that has the fix for DST changes. JRE versions for the supported platforms
are as follows:

Solaris: 1.5.0_09 or later

Linux: 1.5.0_09 or later

HP-UX: 1.5.0.03 or later

Windows: 1.5.0_09 or later

Supported Browsers

The following browsers are supported with Web Server Admin Console:

UNIX® and Windows platforms:

Mozilla 1.7

Firefox 1.0.4 or 1.5

Windows platform:

Microsoft Internet Explorer 7

Installation, Migration, and Upgrade Notes

This section includes notes about installing, migrating and upgrading your Sun Java
System Web Server. For detailed information about these topics, review the
information in the Sun Java System Web Server Installation and Migration Guide.
For known issues in this release of Web Server, see Known Issues in these release notes.

Installation

You cannot install Web
Server to a directory that contains an earlier version of
Web Server. You can, however, migrate the existing installation after installing Web Server to a
new directory.

Migration

Web Server 6.0 and 6.1 configurations can be migrated. Direct migration
from a Web Server version lower than 6.0 is not supported. Earlier versions
such as Web Server 4.0 or later must first be migrated to Web Server 6.1,
then to Web Server 7.0. For information about migrating from Web Server 4.0 or later
to Web Server 6.1, see the latest Sun Java System Web Server 6.1
Installation and Migration Guide and the Sun Java System
Web Server 6.1 Release Notes.

For detailed information about upgrading from Web Server 7.0 to Web
Server 7.0 Update 1, see the Installation and Migration Guide.

Compatibility Issues

Web Server 7.0 Update 1 supports JavaServerTM Faces
1.2 technology. Most JavaServer Faces 1.1 applications are expected to work
with Web Server 7.0 Update 1 without any modifications. However, there are
some compatibility issues that might be encountered when migrating applications
to JavaServer Faces 1.2 applications and such applications require modifications.
The changes are documented in the JavaServer Faces release notes at https://javaserverfaces.dev.java.net/rlnotes/1.2_04/issues.html.

Sun Java System Portal Server 7.1, provided with Java ES 5
is not compatible with Sun Java System Web Server 7.0 Update 1. If you have
deployed Sun Java System Portal Server 7.1 along with Web Server 7.0, you
need to upgrade both servers rather than only Sun Java System Web Server 7.0.
The required Sun Java System Portal Server 7.1 upgrade is available with
Java Enterprise System 5 Update 1 or with the following patches available
on http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access web site.

124301 (SPARC)

124302 (x86)

124303 (Linux)

If you are using a localized version of Web Server, install the following
Portal Server localization patches:

Resolved Issues

Specifying a Java LDAP connection pool through the JVM options in the server.xml file and referencing this with an external JNDI resource
when the web server is started, creates a pooled LDAP connection. With this
connection, it is always marked as busy and the connection never expires.

6472223

Values of 'mail-resource' sub elements are
not getting set on mail session object.

6487083

NSAPIRequest.setupRequestFields is slow.

com.sun.webserver.connector.nsapi.NSAPIRequest.setupRequestFields is
slow primarily because of excessive String-->byte and byte-->String conversion
when parsing Cookie headers.

6501785

The servlet container does not use accelerator
cache when processing RequestDispatcher includes.

For static file requests, if the secret-keysize of
the client is less than the size specified by the server and a bong file is
present, then the bong file is sent back as the response. However, requests
for dynamic content (for example, JSP files) return the
actual requested object (for example, the JSP file) rather
than the bong file.

6421617

Problem having server-parsed HTML (ParseHTML)
and .htaccess with restricted group option.

Authentication succeeds when parsing through a HTML file which has the
shtml include entries and is configured to authenticate through .htaccess which has the "restricted by group" option enabled. If the group
user gets authenticated, then the result page does not get shtml include entries.
This however works fine with the user in .htaccess file
has "restricted by user" option.

6489913

SSL session cache cannot be disabled.

Session cache is enabled by default. When the session cache is disabled
and URL is accessed through the HTTPs protocol, the URL does not go through
and the server log displays an error message indicating that the SSL cannot
be configured without session-cache.

The documents for a simple sample application shows an incorrect pathname.
The path should be install_dir/plugins/java/samples/webapps/simple/src instead of install_dir/samples/java/webapps/simple/src.

6347905

No CLI support to configure FastCGI. Need
to manually edit obj.conf or magnus.conf files to configure FastCGI.

6504587

Memory leak found in FastCGI.

6479045

Admin Console online help needs to be updated.

The online help needs to be updated for the following:

Context-based help should be provided.

All screens must have a corresponding help page.

Help pages must reflect the changes in the GUI.

Inconsistent usage of terminology between the GUI and online
help.

Fix grammatical errors.

Detailed description for some topics.

6482764

Mismatch between online help and the Admin Console.

6498477

Missing help file under config tokens page.

Common Tasks > Edit Configuration > Certificates > PKCS11 Tokens, the
help file for this screen is missing.

6479062

Cannot dynamically reconfigure HTTP listener
family. The Instance does not start on setting the protocol family to nca.

6482536

<listen-queue-size> upper bound is set to
65535, which is too small. Need to increase the <listen-queue-size> upper
bound.

6500715

Incorrect ObjectType fn="force_type" added in
object cgi on creation of new cgi directory.

When creating a new cgi directory, an incorrect object
type force_type is added to the obj.conf file.

6479247

On Windows, dialog box to enter the token password
appears on restarting an instance after the deployment. This behavior is not
see on other platforms.

6425144

On Windows, wadm does not update classpath correctly
if classpath contains a semicolon (;)

The semicolon in tcl is interpreted as a command
terminator, which is used to group multiple commands in a single line. On
Windows, semicolon is used as a path separator.

6292582

SNMP Management Information Base (MIB) for "iwsFractionSysMemUsage"
does not show correct results

SNMP MIB "Fraction of process memory in system memory" which is part
of iws.mib gives wrong results when queried by the SNMP
manager utility.

6471744

Incorrect error message is displayed if you
execute the list-tokens command without specifying the configuration value.

6471754

Incorrect error message is displayed if you
execute the list-authdb-userprops command without specifying the authdb value.

6472210

No error message is displayed if you execute
the get-ssl-prop command with an invalid http-listener value.

6476111

Cannot edit the MIME types using the Admin Console.

6478601

Displays an improper message when you stop
an instance that does not exist.

An error message `Successfully stopped the server instance' is displayed
if you try to stop an instance that does not exist.

6480523

wadm allows you to create a configuration with
a negative port number.

6489765

Incorrect error message is displayed if you
execute the create-cert-request command with an invalid key-size value.

6489777

The delete-group command displays an incorrect
error message if you specify an invalid group value.

6489779

No error message is displayed when you execute
the list-group-members command with an invalid group-ID value.

6490728

Cannot set the rewrite-location properties
using the set-reverse-proxy-prop command.

You cannot set the -rewrite-location property to false. The value specified for the -rewrite-location is
not validated. For example, specifying the = symbol for
the i-rewrite-location option corrupts the obj.conf file
and results in parser error.

6492315

The set-token-prop command sets wrong passwords
in the server.xml file even if the token pin has not been specified.

6492469

Incorrect error message is displayed on LDAP
user creation failure.

6494353

If an invalid node name is specified while deleting
an instance, an incorrect error message is displayed.

6494950

The register-node command runs successfully
with non SSL port only in shell mode.

In shell mode, typing the register-node command with
the -no-ssloption registers the node successfully as the command
is falsely executed in the SSL mode.

6405018

The get-jvm-prop command
does not print the command when echo is enabled in shell mode.

6499507

Incorrect error messages are displayed when
you execute the list-locks and expire-lock commands.

6499510

A 'null' message is displayed if you execute
the list-instances, list-crls, list-tokens, and list-certs commands without
specifying the configuration name.

6499512

The error message for the list-url-redirects
command is not localized.

6500119

wadm prompts for a token pin if you specify
an invalid configuration name while trying to delete an existing certificate.

6500146

While creating an HTTP listener using the CLI,
the create-http-listener command creates a listener with null value as name.

6500150

If you do not specify a virtual server while
executing the list-dav-collections command, an incorrect error message is
displayed.

6500151

If you do not specify the authentication database
while executing the list-users, list-org-units, list-groups, and list-group-members
commands, an incorrect error message is displayed.

6500152

If you do not specify a virtual server while
executing the list-uri-patterns command, an incorrect error message is displayed.

6500154

If you do not specify a JNDI name or specify
an invalid JNDI name while executing the list-jdbc-resource-userprops, list-soap-auth-provider-userprops,
list-auth-realm-userprops, list-external-jndi-resource-userprops, list-custom-resource-userprops
commands, an incorrect error message is displayed.

6503350

Error message given when entering invalid wadm
command is misleading.

When you type an invalid command, an error message “Invalid command <command
name>. Use "help" command for a list of valid commands.” is displayed.
The help man page does not contain a list of valid command. Therefore this
error message is misleading.

6503944

The create-user command usage for the LDAP
authentication database is ambiguous.

6504095

The set-cert-trust-prop command accepts incorrect
properties and does not show proper error message.

6443845

Administration Server does not validate the
password length and mechanism support of the given token.

6449506

Certificate with same server name as existing
certificate cannot be created with the same nickname.

6461553

Virtual Server Web Applications page title
help is incorrect.

6473518

Prompt to enter token pin while starting instance
should not appear if configuration has not been deployed.

6476095

Admin Console does not provide an option to
edit document directories and CGI records.

6476736

Admin Console should have a tab to add and
edit MIME mappings at the Virtual server level.

6478090

`Current Password' field in the Nodes -> Select
Administration Server-> Certificates -> Token Password Management page should
be disabled if no token password has been set for the administrator.

6490705

Unable to configure uri-pattern specific configurations
using the Admin Console.

Administration CLI should support URIs, URI
prefixes, URI wildcard patterns, and URI regular expressions for all commands
that operate on URI space.

6366956

Search schedule events do not work from the
Admin Console.

6378612

64–bit instance does not start on 32–bit
remote node.

6423391

When a server certificate with data in non-DER
format is installed, an incorrect error message is displayed.

6439132

Exceptions in Certificate Installation wizard
not clear.

6468676

No validation exists for 'Java Home' field;
accepts invalid data.

6474668

HTTP Listener field accepts names with spaces.
This is invalid.

6476111

Unable to edit MIME types either using the
Admin Console or the CLI.

6483365

GUI and CLI accept Web Server 7.0's server
root for migration

The Admin Console and the CLI accept the Web Server 7.0 path instead
of Web Server 6.1 or Web Server 6.0 path during migration. Web Server 7.0
path is not a valid path for the server-root property in
the migrate-server command.

6492176

Default and null values get stored in obj.conf
when a new configuration is created and saved using the Admin Console.

Administration Server stores the values passed by the Admin Console
into obj.conf file without any validation.

6497004

SaveConfigException displayed on CLI during
set-authdb-prop.

If a nonexistent file path is provided to the path property
for keyfile authdb by using the set-authdb-prop command,
results in SaveConfigException instead of
a File does not exist message.

See the error log for the Administration Server.

6497143

At times, the execution of stop-admin command
displays the "Admin Server Not Running" message when the Administration Server
is actually running.

6498411

The get-cert-prop does not display only those
properties mentioned in the <displayproperties> element.

6500715

Server error on trying to access a file in
the cgi-bin directory.

6364702

wadm commands do not return valid error codes
[0-125] when success or failure.

6370032

Session failover does not happen with RequestDispatcher
include call.

While deploying two web applications on a cluster where the first application
calls on the second application using the RequestDispatcher() include
call, the persistence valves are not called during the RequestDispatcher()'s invoke() method, and session replication
does not occur.

6381950

Incorrect load factor set for BaseCache.

Session replication does not support more than two web applications.

6381954

Session replication fails to work on multiple
web applications involving RequestDispatcher due to bad sequence.

6383313

Incorrect path is set on SR-intanceId cookie.

The SR-instanceId cookie should be set to the web
application's path instead of the servlet's path.

6450360

The create-authdb command does not validate
the URL at the time of the authentication database (authdb) creation. The
create-authdb command successfully creates an authentication database with
the wrong URL.

6450800

The get-error-log and the get-access-log commands
displays cluttered and improper messages.

6459106

The wadm deploy fails to deploy the cluster
configuration.

If any changes occur to the instance configuration files, manually or
otherwise, the deploy-config command displays an error
message stating that the instance has been modified.

6462891

No Admin Console is available to deploy web
applications in user specific location.

6439577

Does not prompt for the token password when
the instance is started from the wadm command prompt with a wrong token-pin.

6465470

Incorrect text in Groups settings page.

The text should read as “From this page you can add/remove user
groups in the selected Authentication Database” instead of “From
this page you add/remove user groups in the selected Authentication Database.”

6465480

Incorrect message when you delete a JVM profiler.

The message should read as “Profiler deleted successfully”
instead of “Profiler saved successfully”.

6466409

Incorrect error message is displayed when you
provide a wrong path while adding web application.

If a single .htaccess file has more than five allow
or deny rules, it is possible that some of the rules may become corrupted
in memory. If this occurs, some of the rules may be bypassed.

6506936

deploy-config fails when you modify JSPs or any other
files in the webapps directory of the instance.

When using the pull-config either through the Admin
Console or through the CLI, only the contents of the instance_dir/config directory is pulled into the config-store.
In Web Server 7.0, when pull-config was used, the contents
were pulled into instance_dir/config, instance_dir/lib, and instance_dir/web-app directories.

6492407

Front-end file accelerator cache.

Depending on ACLs and obj.conf configuration, a
front end accelerator cache can service static file requests for URIs that
were previously processed using NSAPI. The accelerator cache must work with
the default configuration.

6498928

Output directives are not invoked for 0-byte
files.

Output directives are not invoked for 0-length responses unless protocol_start_response() is called. send-file does not call protocol_start_response() function. Output directives are not invoked when sending 0-byte
files.

6502258

Server crash with large output buffers.

If the output stream buffer size is bigger than the input buffer size,
the server might attempt to buffer data at an invalid address. The default
input buffer size is 8192 bytes.

6504755

Cannot disable access logging in default server
instance.

The value of the <access-log> <enabled> element
is ignored in the server.xml file.

6505390

Accelerator cache does not handle ssl-unclean-shutdown
properly.

The accelerator cache does not interact correctly with the AuthTrans
fn="match-browser"browser="*MSIE*"ssl-unclean-shutdown="true" directive in the default configuration. When such a directive is
present, the accelerator cache applies the "unclean shutdown" setting to every
connection, regardless of the browser used.

6432375

On HP-UX, SNMP fails for some oid values.

Workaround

Due to lack of the HP-UX API support and complexity, network in and
out traffic statistics is not implemented. Use HP tools for monitoring the
traffic statistics.

6430293

The AdminException messages displayed on the Admin Console are
not localized.

6508299

Displays incorrect characters in search results on the left
panel of online help on non-English locales.

6507819

Localized online help content have some differences from the
English version.

6479062

Web Server fails to start when HTTP listener
protocol family="nca" is used for Solaris SPARC, Linux and HP-UX platforms.

Web Server instance does not restart on setting the Protocol-Family property to nca in the EditHTTPListener wizard.

Known Issues

This section lists the important known issues and limitations at the
time of Web Server 7.0 Update
1 release.

Administration

The following table lists the known issues in the administration of
Web Server.

Table 4 Known Issues in Administration

Problem ID

Description

6364924

A node can be registered to multiple administration
servers which may cause a configuration conflict.

It is possible to register a node to a second Administration Server
without canceling the registration with the first Administration Server. However,
this leads to the nodes becoming inaccessible to both the Administration Servers.

Workaround:

On each registration, restart the administration node. The administration
node will be available to the most recent Administration Server it has registered
to.

6379125

wadm command allows connecting to a node, shows
a certificate and then throws a 'HTTP 400 Error'.

When an administration node receives a connection, the administration
node does not check the connection is from the Administration Server before
proceeding. It not only prints an inappropriate error message, but also prompts
the user to enter the password.

6387762

Cannot access
shell/system variables from wadm.

Workaround:

wadm does not inherit
the shell environment variables. However, to make the shell variables it
available to wadm, use

"java::call
System getenv env_var_name

For
example:

For accessing the shell environment variable MAIL from
within wadm, type the following command at the wadm prompt:

wadm> java::call System getenv "MAIL"
/var/mail/abc

4793938

User and password dialog presented instead of
directory index.

By default, Web Server 7.0 does not send a directory index unless the
user has been authenticated. Attempting to access a directory prompts the
user to enter a user name and password. This occurs because the default Access
Control List (ACL) in Web Server 7.0 grants the list access right only to
authenticated users.

Session replication enabled instances does
not come up normally, if other instances in the cluster are not started.

6393534

After migrating the Java keystore keycerts
using the migrate-jks-keycert command, trying to list the migrated jks keycerts
using the list-certs command, displays the CN, org and other information instead
of the certificate nickname.

6407486

While setting the SSL property using the wadm
set-ssl-prop command, the server-cert-nickname property accepts any certificate
nickname, instead of accepting only the server certificate nickname.

6443742

The set-session-replication-prop CLI command
does not work if the 'node' option is provided with a qualified domain name.

Workaround

Use the output of the list-nodes command for the
valid names of the nodes in the set-session-replication-prop command.

6464953

Setting digestauthstate property through the
set-authdb-prop CLI does not validate the value and allows to set junk value
for this property.

6468570

Specifying "yes" at the wadm prompt crashes
the CLI.

6469676

When you try to connect to the Administration
Server after the administration certificates have expired, an incorrect error
message is displayed.

6480600

The register-node command gives an incorrect
error message when the Administration server runs out of disk space.

6495446

If no disk space is available on the device,
wadm throws an incorrect error message "Unable to communicate with the administration
server".

6502800

Executing the migrate-server command with both
"--all" and "--instance" options does not result in an error.

A warning or an error message should be displayed indicating that the
user is attempting the set mutually exclusive options.

6416328

The Start Instances. button in the Admin Console
is enabled for instance which is already running.

The buttons should be enabled or disabled based on the status of the
instance.

6418312

wadm allows you to define duplicate user properties.

Adding duplicate user properties does not show an error message; however,
a new user property is not created.

6421740

There is no provision to create new Access
Control List (ACL) file using the Admin Console or the CLI.

6423432

On Windows, using an existing configuration,
repeating the process of adding and removing the registered nodes causes validation
failure.

6426116

Clicking on the Version button in the Admin
Console result in “file not found” warning in Administration error
logs.

6430417

MIME Types allows MIME value with multibyte
characters.

6442081

Text in Access Control List page is not formatted.

6442172

User can be switched between `available' and
`selected' lists in ACE even though the user is deleted from the authentication
database.

6446162

No warning is issued before the deletion of
key or the digestfile authentication database.

6446206

When a single user in group is deleted, an
incorrect message “Group Saved Successfully" is displayed.

6448421

Administration Interface allows you to create
a new user with multi-byte User ID in the keyfile authentication database.

6455827

User and Group table in the Admin Console displays
the entire result in a single page.

6461101

Labeling of the Request Certificate and Install
buttons in the Admin Console Create Self-Signed Certificate page needs to
be revised.

6462057

Add and Remove buttons are enabled in new ACE
window even if no items are present in the `Available' list.

No validation exist to check the entry of wrong
country code in the certificate request wizard.

6465421

In the Admin Console, no text field description
is provided for virtual-server, authdb, dav collection, and event fields .

6466336

Admin Console shows wrong JDK version while
creating a new configuration.

The JDK version displayed in the Admin Console is 5.0 u6 instead of
5.0 u7.

6471171

Style formatting is lost after restarting the
Administration Server from Nodes -> Administration Server General tab.

6471367

Attempting to access the Admin Console in another
tab of the same browser does not work.

6471792

View Log displays result in a single page.

Although the search criteria selected for record size is 25 log entries,
the log displays the results in one single page even if there are more than
50 log entries.

6472932

Token mismatch error is displayed when you
remove the token password and then reset it in the Common tasks -> Select
configuration -> Edit configuration -> Certificates -> PKCS11 Tokens page.

6486037

The Virtual Server Management->Content Handling->Document
Directories->Add should have a browse option to choose the path of a additional
document directory.

6492906

Message displayed about WebDAV collection locks
in the Admin Console is misleading.

If you specify the time-out value for the WebDAV collection as infinite, the Common Tasks->Select Configuration ->Select Virtual Server->Edit
Virtual Sever ->WebDAV->Select collection page displays the message DOES NOT EXPIRE. What it actually means is that the lock
does not expire automatically after a specified time or the time-out is infinite.

Most of the functional validation of the data in a form is done in the
back end. The GUI has only minimal checks such as empty fields, integer values,
and ASCII values. Hence, the GUI stores the data in the obj.conf when
parsed gets corrupted .

6493971

Admin Server does not time-out if the server
instance restart does not respond.

On UNIX systems, the Administration Server waits until the server instance
is restarted when the restart-instance command is executed.
If the instance is not successfully restarted, the Administration Server does
not respond to requests.

6497213

Executing the restart-admin command followed
by the stop-admin command throws exception in administration error logs.

6515745

SNMP master agent process fails to start on Web Server

Workaround:

Changing the tcp_xmit_hiwat value to a higher value like 262144 , peer SNMP master agent functions
properly. Type the following command to change the tcp_xmit_hiwat value.

# ndd -set /dev/tcp tcp_xmit_hiwat 262144

6534202

Cannot edit WebDAV collection properties through the Admin Console

When a configuration is deployed on multiple nodes, the lockdb path
must be a shared location mounted on the same path on all the nodes. Additionally,
to list or expire locks in the lockdb from the Admin Console,
the same path must be writable from the Administration Server.

6545779

On Windows, wdeploy command fails if older version of libnspr4.dll
is found in the system32 directory.

Workaround

Before calling Java, edit
the wdeploy.bat file that is available in install_dir/bin directory. Change the path of the Java directory to install_dir/lib directory. This modification makes Windows look for libnspr4.dll in the install_dir/lib directory before it
looks in system32 directory.

6554691

The add-webapp command when used with JSP pre-compilation option
does not delete the previously precompiled JSP files.

6556820

The Admin Console or the Admin CLI does not provide support
to add CA certificates to the Administration Server.

6587832

On Windows, the Admin Console intermittently fails to come up.

Workaround

This problem is seen on Windows 2003 if you have "Internet
Explorer Enhanced Security Configuration" enabled.

To access the Admin Console without disabling Enhanced Security
feature, include the site in the list of trusted sites explicitly on the browser.

Ensure that patch PHKL_28428 or its updated
version is present on the system. If it is not present, install the patch.

Type the following commands before starting the Web Server:

For 1500 MBytes to 2400 MBytes of Java heap: Type the following
command before starting the Web Server:

chatr +q3p enable
/opt/sun/webserver7/lib/webservd

For 2400 MBytes to 3.8 GBytes of Java heap: type the following
command before starting the Web Server:

chatr +q3p enable
+q4p enable /opt/sun/webserver7/lib/webservd

Start the server.

/opt/sun/webserver7/lib is
the default location of the webservd binary.

Documentation and Online Help

The following table lists the known issues in Web Server 7.0 documentation
and online help.

Table 6 Known Issues in Documentation and Online
Help

Problem ID

Description

6474011

The basic-search.html has unclear description.

FastCGI

The following table lists the known issues in the FastCGI.

Table 7 Known Issues in FastCGI

Problem ID

Description

6485248

The fastcgi stub does not properly close all
the processes when reuse-connection is set to true.

Configure Web Server 7.0 to work with PHP as a FastCGI plug-in and set reuse-connection=true. When you shutting down the server or reconfiguring
the server, the fastcgi() process and its child processes
are left behind and not killed properly.

Installation

The following table lists the known issues in the installation of Web
Server.

Table 8 Known Issues in Installation

Problem ID

Description

4988156

Installing the stand-alone product over an existing
Java ES installation and vice-versa is not supported.

Installing Web Server 7.0 as a stand-alone product over an existing
Java Enterprise System (Java ES) installation is not supported. Java ES users
of the Web Server must use the Java ES installer to upgrade to the newer version
of the Web Server.

Uninstalling the administration node does not
delete itself from the administration server node.

After installing the administration node and registering it with the
administration server in the Node tab, the administration node is listed in
the Node tab. When the administration node is uninstalled, the administration
node entry remains in the Node tab.

6287206

Cannot install if the setup is started from
a shared folder on the network.

On the Windows platform, unable to install the product when the installer setup.exe is started from a shared network folder on another machine.

6311607

On Windows, installer crashes in CLI mode, if
the administration password is >= 8 characters.

If the administration user password is greater than eight characters,
then any invalid input to the administration port, web server port, or the
administration user ID crashes the installer.

Workaround:

When installing Web Server 7.0 on the Windows platform using the command-line
interface (CLI), the administration password must be set to less than (<)
eight characters.

6408072

On Windows, need icons for objects in Programs
folder.

The objects in the Sun Java System Web Server 7.0 folder on Windows
are created with default Windows program icons and do not have specific icons
that denote Sun programs.

6492144

The CLI installer does not handle ctrl+c while entering the password.

The installer does not accept ctrl+c and hence the
terminal becomes unusable.

Migration and Upgrade

The following table lists the known issues in the migration and upgrade areas of Web Server.

Table 9 Known Issues in Migration and Upgrade

Problem ID

Description

6407877

Incorrect migration occurs while migrating
from Web Server 6.0 to 7.0 if the installed.pkg file is not found.

In Web Server 6.0 to 7.0 migration, if the installed.pkg file
is missing, Web Server incorrectly migrates the NSServlet entries
in the magnus.conf file.

6.1->7.0: Migration does not handle relative
path set for search-collection-dir correctly.

During instance migration, specifying a relative path for the target
path into which the search collections should be copied, results in the search
collection directory being created with respect to the config-store.
When the instance is instantiated, the indexes are created without properly
migrating the search collections.

On Windows, Web Server Admin Console does not
appropriately warn users during migration.

Administration Server does not detect if the selected new configuration
or the service name already exists on Windows and hence does not appropriately
warn the users to select a different configuration name or suggest a different
configuration name as default.

6500509

Web Server 7.0 migration tool is unable to successfully
migrate from Web Server 6.1 if it has Root Certs installed in it.

To set javamail.resource.host, edit the javamail.build.properties and not the build.xml as specified in install_dir/samples/java/webapps/javamail/src/docroot/sendmail.jsp.

6559735

Sample applications documentation must mention adding jar file
to the class path in the properties file.

In the install-dir/samples/java/webapps/security/jdbcrealm/docs/index.html, under 'Compiling and Assembling the Application' section, there
must be a mention of adding JDBC driver jar file to class path suffix in the jdbcrealm.build.properties file.

Search

The following table lists the known issues in the search functionality
of Web Server 7.0.

Table 11 Known Issues in Search

Problem ID

Description

6413058

server.xml does not store the full file pattern
for converting and including search .

The schema does not store the full file pattern allowed by both the
Admin Console and the search administration tools in this version of the Web
Server. It also has no way to represent the full file pattern that might sometimes
need migration from the previous versions of the Web Server.

Security

The following table lists the known issues in the security area of Web
Server.

Table 12 Known Issues in Security

Problem ID

Description

6376901

Limitation supporting basic and digest-based
ACLs for resources in the same directory.

If the server uses digest and basic-based ACLs in different parts of
their doc tree, attempting to use both simultaneously on different files or
resources in the same directory is not possible.

6431287

TLS_ECDH_RSA_* require the server cert signed
with RSA keys.

Cipher suites of the form TLS_ECDH_RSA_* requires
server to have an ECC keypair with a cert signed using RSA keys. Note that
this precludes using these cipher suites with self-signed certificates. This
requirement is inherent to these cipher suites and is not a bug. The server
should detect and warn about wrong configurations related to these cipher
suites but currently it does not do so.

6467621

Request to the server fails with using of "Sun
Software PKCS#11 softtoken".

Refer to the following documents for additional info on configuring
the Web Server with Solaris 10 libpkcs11:

Session Replication

The following table lists the known issues in the session replication
functionality of Web Server 7.0.

Table 13 Known Issues in Session Replication

Problem ID

Description

6324321

Descriptive error message is not displayed
when an error occurs remotely.

When an exception occurs remotely, error messages are logged in the
error log of the remote instance. However, the local instance currently displays
a generic remote exception which does not clearly indicate which error log
that the user must view.

6396820

Session replication does not failover correctly
when cookies are disabled on the client.

6406176

When enabled, session replication should be
the default session manager.

After enabling session replication by using the Admin Console or the
CLI, or by editing the server.xml file, session replication
is not really enabled. Instead, sun-web.xml needs to be
manually edited.

Web Container

The following table lists the known issues in the web container of Web
Server.

Table 14 Known Issues in Web Container

Problem ID

Description

4858178

Web container writes to stderr.

6349517

Incorrect web application session statistics
for MaxProcs > 1 mode.

Web Server runs in multi-process mode. The MaxProcs configuration
variable in the magnus.conf is used to set the maximum
number of processes. If the value for MaxProcs is set to
greater than 1, the Web Server uses mmap-based session
manager so that the session could be shared among different JVMs. While collecting
statistics from multiple processes, web application MBeans provide session
for individual MBeans. There is no way to find the true number of sessions
by seeing individual MBean's web application session statistics.

6394715

Web container deletes the disabled web application
MBeans object.

When the web application is disabled by setting the <enabled> element
to false in the server.xml file, the web container deletes
the web application's MBeans and hence treats it as a closed or deleted web
application. Since disabled objects are deleted, statistics are also lost.

6419070

No information is logged in error logs at the
finest log level on successful JNDI resource creation.

If a servlet is mapped to req URI formed by
partial req + welcome file, the behavior is wrong.

If a web container receives a valid partial request, the web container
must examine the welcome file list defined in the deployment descriptor. The
welcome file list is an ordered list of partial URLs with no trailing or leading /. The Web Server must append each welcome file in the order specified
in the deployment descriptor to the partial request and check whether a static
resource or a servlet in the WAR file is mapped to that request URI. The web
container must send the request to the first resource in the WAR that matches.

Web Server 7.0
Update 1 ships with JavaServer Faces 1.2 technology. All JavaServer Faces
web applications are expected to work with Web Server 7.0 Update 1 without
any modifications. However, there are a few known compatibility issues with
JavaServer Faces 1.2 and might require applications to be modified to address
these incompatibilities. The incompatibilities are documented in the JavaServer
Faces release notes at: https://javaserverfaces.dev.java.net/rlnotes/1.2_04/issues.html.

Localization

The following table lists the known issues in the localized version
of Web Server.

Table 15 Known Issues in Localization

Problem ID

Description

6316881

Multi-byte characters in headers can not be
retrieved by req.getHeader().

The characters are not parsed correctly, when request.getHeader() is
called.

5046634

There is no functionality equivalent to use-responseCT-for-headers in Web Server 7.0.

Response
header encoding is enabled at the web-app level
by setting the value of the configuration parameter use-responseCT-for-headers to any of the values; yes, true,
or on in the web-app/sun-web.xml file.

If Web Server 7.0 is already configured in 64–bit mode, and the
Portal Server installation is started, Portal Server configuration does not
set stack size to 128K. However, if both Portal Server and Web Server are
already installed and configured in 32–bit mode, switching to 64–bit
mode involve series of manual steps that are described in the Workaround section.

Workaround

If Portal Server part of Java ES 5 is deployed on top of the 32–bit
version of Web Server 7.0, and if you would like to start the server in 64-bit
mode, perform the following steps:

Move the existing libdb-3.3.so and libdb_java-3.3.so library files to an appropriate location, somewhere outside the
Web Server's private directories. Once the Portal Server libraries are in
a suitable location, that path must be specified for the <libdb-3.3.so
path>:<libdb_java-3.3.so path> in
the following commands.

On Solaris platform, perform the following steps:

Copy the libdb-3.3.so and libdb_java-3.3.so files from Web Server 6.1 lib directory to an
appropriate location.

Note –

For HP-UX, the files are libdb-3.3.sl and libdb_java-3.3.sl. For windows, the files are libdb-3.3.dll and libdb_java-3.3.dll.